Getting Data In

NFS file utilization auditing with Splunk on HP-UX servers

albertoperez
Explorer

Hi,
We are working to develop a Splunk project that audit the accesses and modifications to the files stored in several folders in several HP-UX servers, published by NFS.
Our first problems are blocking the project, so I hope you can help me with these:
1. The operating system logs show the actions executed in local over the files, with relative path, so we can´t identify certainly if a concrete file has been read / modified / deleted
2. One alternative is, having in mind each register in the log can identify the associated filesystem, mounting the folder to audit in an independent filesystem, but this idea generates the inconvenience of needing the constant mounting of this ‘extra’ filesystem in the monitored server. Anyway, this 'solution' only audit the local access, no via NFS.
3. By other hand, it exists a configuration parameter (‘audit_track_paths’) that enables the use of absolute paths, but this parameter only exists with HP-UV 11.31 version, and currently the customer servers haven´t got this version.
4. Finally, the audit files (not logs) in HP-UX systems are not plane text files, so we´d need any integration with Splunk taking advantage of the script data input. In the 'audit' command man page I found several C functions that enable to me to create a script to link it in a Script Data Input.

Have anybody any experience about any similar environment / project to help me or guide to me.

Thanks in advance.

Tags (4)

albertoperez
Explorer

Nice!
This is the way. 😉
Thank you Mario.

0 Karma

MarioM
Motivator

Here HP-UX Auditing some information and script about audit logs of the HP-UX servers.

0 Karma
Get Updates on the Splunk Community!

Splunk Answers Content Calendar, June Edition

Get ready for this week’s post dedicated to Splunk Dashboards! We're celebrating the power of community by ...

What You Read The Most: Splunk Lantern’s Most Popular Articles!

Splunk Lantern is a Splunk customer success center that provides advice from Splunk experts on valuable data ...

See your relevant APM services, dashboards, and alerts in one place with the updated ...

As a Splunk Observability user, you have a lot of data you have to manage, prioritize, and troubleshoot on a ...